Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Restricting iexplorer with CSA ?

Hi all,

Does anyone have any ideas on how to use CSA to restrict iexplorer to only work when the host has an address of a given subnet?

ie. iexplorer.exe may only be allowed if the host has an addresse in the subnet of 192.168.2.x/24 ?

KDAM

2 REPLIES
Blue

Re: Restricting iexplorer with CSA ?

You could use a system state set to allow or deny iexplore.exe when the host address matches a given address range.

New Member

Re: Restricting iexplorer with CSA ?

Hi, You could create two rules. First a Network Access Control rule DENY when Application in the following class = iexplore.exe attempting to act as a client TCP/0-65535, UDP/0-65535 communicating with host address 0.0.0.0-255.255.255.255. using local address 0.0.0.0-255.255.255.255. Then create an Allow rule to ALLOW when Application in the following class = iexplore.exe attempting to act as a client TCP/0-65535, UDP/0-65535 communicating with host address 0.0.0.0-255.255.255.255. using local address 192.168.2.0/24.

I would test this and turn on logging. You may need to adjust it some. Hope this helps.

112
Views
6
Helpful
2
Replies